Adding keys to registry via WinAPI and C

numer_05 · 06-28-2019, 02:19 AM

I really don't know how to write this, but essentially with malware you would want persistency of some sort and the easiest method on Windows I have found thus far is simply adding your program to the registry of HKEY_CURRENT_USER. My setup was simple enough, I just had the program in %APPDATA% and went from there:

Code:
#include <windows.h>

void createRegKey() {

TCHAR szPath[MAX_PATH];

HKEY hkey;

GetModuleFileName( NULL, szPath, sizeof(szPath) ); 

RegCreateKeyEx( HKEY_CURRENT_USER, "Software\\Microsoft\\Windows\\CurrentVersion\\Run", 0, NULL, REG_OPTION_NON_VOLATILE, KEY_ALL_ACCESS, NULL, &hkey, NULL );

RegSetValueEx( hkey, NAME, 0, REG_SZ, ( LPBYTE )szPath, sizeof( szPath ) ); 

RegCloseKey( hkey );

}

First you get the path of the current running program then you create the key and pass that value to the HKEY datatype. Afterwards you set the value which in my case was just the name of the key itself and also the path of the program. Of course, always close the key after you are done because just like with a file descriptor... it will remain open and possibly cause issues.

mothered · 06-28-2019, 04:40 AM

It's good to see Registry edits, seldom are any contributed.

Given the Registry Is a critical part of the operating system, I strongly suggest backing It up by using It's "Export" feature prior to any edits. Any Incorrect entries, can cause significant system Instability and/or loss of functionality.

numer_05 · 06-28-2019, 03:29 PM

(06-28-2019, 04:40 AM)mothered Wrote: It's good to see Registry edits, seldom are any contributed.

Given the Registry Is a critical part of the operating system, I strongly suggest backing It up by using It's "Export" feature prior to any edits. Any Incorrect entries, can cause significant system Instability and/or loss of functionality.

I have thought about this, but all you are really doing is adding a key and there are numerous examples plus a bunch of articles on how the registry works. If you can't RTFM... you shouldn't be doing anything with the registry.

mothered · 06-29-2019, 04:13 AM

(06-28-2019, 03:29 PM)numer_05 Wrote:
(06-28-2019, 04:40 AM)mothered Wrote: It's good to see Registry edits, seldom are any contributed.

Given the Registry Is a critical part of the operating system, I strongly suggest backing It up by using It's "Export" feature prior to any edits. Any Incorrect entries, can cause significant system Instability and/or loss of functionality.

I have thought about this, but all you are really doing is adding a key and there are numerous examples plus a bunch of articles on how the registry works. If you can't RTFM... you shouldn't be doing anything with the registry.

In terms of simplicity of editing the Registry, I certainly agree. I've been working with It for close to two decades.

However, users who have very little experience, can well and truly corrupt It- even something as simple as this.

Yarrakk · 09-16-2019, 02:07 PM

Thank you very much my friend

eariel · 11-29-2023, 04:09 PM

very cool but old lets try it!